EU regulators threaten privacy crackdown against Google
Web giant may face "repressive action" before summer if it does not respond to a dozen recommendations related to how it manages user data.
Google may face a coordinated crackdown by privacy regulators in Europe before this summer unless the Web giant makes dramatic changes to how it manages user data.
France's privacy watchdog said today that Google had yet to respond with "precise and effective" answers to a dozen recommendations unanimously adopted by 27 national regulators last October and as a result could face a coordinated "repressive action." The Article 29 Working Party, a group of data protection officials from each member states, is expected to vote on the proposal at the end of the month.
"European data protection authorities have noted that Google did not provide any precise and effective answers to their recommendations," Commission Nationale de l'Informatique et des Libertes (CNIL), the organization that has aggressively led the probe against Google, said in a statement today.
"In this context, the EU data protection authorities are committed to act and continue their investigations. Therefore, they propose to set up a working group, lead by the CNIL, in order to coordinate their repressive action which should take place before summer," the CNIL said.
Google denied that its privacy policy was in violation of EU law.
"Our privacy policy respects European law and allows us to create simpler, more effective services," Google said in a statement. "We have engaged fully with the CNIL throughout this process, and we'll continue to do so going forward."
Saying that the Web giant was not in compliance with European law, the group suggested that Google should strengthen the consent sought for combining data for the purposes of service improvement and advertising; provide a centralized opt-out solution; and adapt the combination rules to distinguish between security and advertising. Google was also warned about not clarifying how long it stores user data.
After issuing its recommendations in October, regulators gave Google four months to amend its privacy policy to address issues that could violate member countries' laws.
Google raised the ire of privacy advocates in January 2012 a privacy policy rewrite that would grant it explicit rights to "combine personal information" across multiple products and services. The simplified privacy policy, which would replace 60 privacy policies for different services, would only improve the user experience, Google argued.
Opponents of the change sued, saying the move was designed to increase the company's advertising effectiveness. EU officials asked that Google delay implementing its new policy until the privacy implications can be analyzed, but the Web giant declined, saying it had it extensively pre-briefed privacy regulators on the changes and that no objections were raised at the time.
Updated at 6 p.m. PT with Google comment.